ithinkiam Posted September 10, 2016

I've been using Enpass for several months now, after being a long-time KeePassX user, and I love it!

One feature that would be great to have is a way to select specific characters from a password. More and more websites only ask for individual characters from your password, so it's not possible to autofill. The only way to do it is to reveal the password and count the characters. It means I have to use shorter passwords, as finding the 15th, 43rd and 63rd characters would be extremely annoying!

A simple way may be to have a dialogue with the password hidden, yet each character is numbered above or below. Selecting/clicking the desired number(s) reveals the password character(s) in order to manually input to the webform.

Would something like this be feasible?

Thanks.

Anshu kumar Posted September 12, 2016

Hi @ithinkiam,

Thanks for your suggestion. Our development team is working on a similar feature called "subset of Password", which will fulfill your requirement and will be available in the near future.

Cheers!

My1 Posted September 23, 2016

On 10.9.2016 at 0:15 PM, ithinkiam said:
> More and more websites only ask for individual characters from your password so it's not possible to autofill

You have some examples? Because I never saw websites like that, and I REALLY think that these websites should be avoided, because being able to ask for specific chars of the PW almost certainly means plaintext (or plaintext-retrievable, e.g. plain encrypted) storage.

ithinkiam (Author) Posted October 13, 2016

Hi @my1

It's mostly financial websites that do this (banks, credit card, etc). I also had this when calling up my ISP recently.

ithinkiam (Author) Posted October 13, 2016

On 9/12/2016 at 11:00 AM, Anshu kumar said:
> Hi @ithinkiam, Thanks for your suggestion. Our development team is working on a similar feature called "subset of Password", which will fulfill your requirement and will be available in the near future. Cheers!

That's great to hear. Looking forward to it.

My1 Posted October 14, 2016

18 hours ago, ithinkiam said:
> Hi @my1 It's mostly financial websites that do this (banks, credit card, etc). I also had this when calling up my ISP recently.

Well, my bank never does this, and I am happy about it, especially because if they ask for specific characters of the password there are only 2 ways of doing it:

1) do it after you entered your password (plaintext pw may still be in RAM or whatever, I sure hope it's probably wiped afterwards)
2) store the password in a retrievable form.

Which is OBVIOUSLY bad, because a machine-retrievable password means that as soon as someone gets access to the machine, you can screw any last security measure that prevents bruteforcing, because the machine needs the PLAINTEXT pass to probe certain chars. And if the machine itself can access the passwords even if they are encrypted, that means that the machine has access to that key, which obviously means that an attacker can, as soon as he is in the server, near-effortlessly access ALL PASSWORDS IN PLAINTEXT!

If I were you I would seriously ask that provider to talk about how they store the passwords, because if it is scenario 2, where you don't enter your full pass but the subset only, they are literally just asking for trouble. This is even worse than the Yahoo hack, which had MD5 for passwords, which is albeit not really secure, at least needs the attacker to bruteforce or rainbowtable it, but in scenario 2 the attacker gets the PLAINTEXT passwords literally served on the silver tablet (at least that's how we would say it in German, dunno if that works in English).

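The two scenarios My1 describes in the post above, sketched in Python as an added example (not part of the thread, and not Enpass's or any website's code). The record layout, the function names and the sample password used to exercise it are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 200_000  # assumed PBKDF2 work factor for this sketch


def enroll(password, keep_recoverable):
    """Build a server-side record (hypothetical layout, not any real site's).
    keep_recoverable=True models scenario 2: a copy the server can read back."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    record = {"salt": salt, "digest": digest}
    if keep_recoverable:
        record["recoverable"] = password  # stands in for plaintext or ciphertext + server key
    return record


def verify_full(record, candidate):
    """Check a complete password against the one-way digest."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], ROUNDS)
    return hmac.compare_digest(digest, record["digest"])


def match_positions(password, answers):
    """Compare {1-based position: character} answers with a known password."""
    ok = bool(answers)  # an empty challenge never passes
    for pos, char in answers.items():
        in_range = 1 <= pos <= len(password)
        ok &= in_range and hmac.compare_digest(password[pos - 1].encode(), char.encode())
    return ok


def check_subset(record, answers, full_password=None):
    """Answer a 'characters N, M, ...' challenge under either scenario."""
    if full_password is not None:
        # Scenario 1: full password submitted; verify it, then index it in memory.
        return verify_full(record, full_password) and match_positions(full_password, answers)
    if "recoverable" in record:
        # Scenario 2: only the subset was sent, so the server reads its own copy.
        return match_positions(record["recoverable"], answers)
    # Digest-only record and no full password: nothing to index.
    raise ValueError("digest-only record cannot check a subset")
```

In this sketch, a record created with `keep_recoverable=False` holds only the salt and digest, so a copy of it contains no password characters; the scenario 2 record contains the password itself.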